---
# Authelia configuration - repo baseline for non-secret access-control/session/storage settings
# Manual host sync/merge required after changes:
# /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
# Keep user database, OIDC client configuration, and secret values outside Git.

theme: dark

server:
  # Binds to all interfaces.
  # NOTE(review): confirm port 9091 is reachable only via the reverse proxy, not published directly.
  address: tcp://0.0.0.0:9091

log:
  level: info

authentication_backend:
  file:
    # The user database itself is kept outside Git (see header).
    path: /config/users_database.yml
    password:
      # Hashing parameters applied when a password is set or changed.
      # NOTE(review): current Authelia docs nest these tunables under `password.argon2`
      # (with `variant: argon2id`); confirm the deployed version still accepts this flat
      # layout and that `memory` is in the unit that version expects.
      algorithm: argon2id
      iterations: 3
      key_length: 32
      salt_length: 16
      memory: 65536
      parallelism: 4

access_control:
  # Requests that match none of the rules below are denied.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match wins, so the wildcard
  # rule must remain last or it would shadow the more specific entries.
  rules:
    # Authelia itself is always reachable (bypass)
    - domain: auth.kaleschke.info
      policy: bypass

    # Public apps - no login required
    # `bypass` means Authelia performs no authentication for these hosts, so each
    # application's own login is the only gate.
    # NOTE(review): hosts such as vault., paperless. and git. presumably hold sensitive
    # data - confirm each enforces its own authentication, MFA and login throttling.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
      policy: bypass

    # Admin services - 2FA required
    - domain:
        - files.kaleschke.info
        - scrutiny.kaleschke.info
      policy: two_factor

    # Everything else behind the Authelia middleware - 1FA.
    # Komodo deliberately has no ForwardAuth middleware and is not evaluated here.
    # A host without the middleware is never checked against these rules, so
    # `default_policy: deny` does not protect it; it depends on its own authentication.
    - domain: "*.kaleschke.info"
      policy: one_factor

session:
  name: authelia_session
  same_site: lax
  # Session lifetime: 12h absolute, 45m idle, one month when "remember me" is ticked.
  # NOTE(review): a stolen remember-me cookie stays usable for that month; confirm this
  # is acceptable for the two_factor admin hosts.
  expiration: 12h
  inactivity: 45m
  remember_me: 1M
  cookies:
    # The cookie is scoped to the parent domain, so browsers send it to every
    # *.kaleschke.info host, including the bypassed applications.
    - domain: kaleschke.info
      authelia_url: https://auth.kaleschke.info
      default_redirection_url: https://glance.kaleschke.info

regulation:
  # Login throttling: 3 failed attempts within 2m trigger a 5m ban.
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  postgres:
    # No password, encryption key or tls section appears here.
    # NOTE(review): per the header the secrets are supplied outside Git; presumably the
    # connection stays on an internal container network - verify, or configure TLS.
    address: tcp://postgresql17:5432
    database: authelia
    username: authelia

notifier:
  # Startup check stays enabled, so a broken mail setup is noticed at start
  # rather than at the first password reset or 2FA enrolment.
  disable_startup_check: false
  smtp:
    # The SMTP password is not part of this file (secret values stay outside Git).
    address: submission://mail.gmx.net:587
    username: michideheld@gmx.de
    sender: "Authelia <michideheld@gmx.de>"
    identifier: auth.kaleschke.info
    subject: "[Authelia] {title}"
    startup_check_address: michideheld@gmx.de

totp:
  issuer: kaleschke.info
  # 30-second codes; skew 1 also accepts the code one period before and after.
  period: 30
  skew: 1